In my account settings i've import a .pfx-file. I created this certificate with openssl.

Not sure what exactly this means. In order to be able to digitally sign messages you'd also need to import the private key along with the cert.

The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key in one encryptable file.

When importing the certificate, I also had to enter the password (so that Thunderbird can access the private key).

Is there anything related in the Error Console (Ctrl+Shift+J) when you attempt to sign a message?

Good idea, I would try that, but unfortunately, I won't be back at my private PC for a week. I will write in a week.

can an openpgp key be used to sign with s/mime? I would have thought it would fail the oscp test.

For the openPGP key I would have though the open PGP manager and signing would be the way you had to go.

Hi Matt,

can an openpgp key be used to sign with s/mime? I would have thought it would fail the oscp test.

No, as far as I know that is not possible. S/MIME and OpenPGP use the same cryptographic algorithms, but the internal structure is different.

For the openPGP key I would have though the open PGP manager and signing would be the way you had to go.

Yeah, thats the way. I only tried a combination to find out how thunderbird behaves.

Hi christ1,

Is there anything related in the Error Console (Ctrl+Shift+J) when you attempt to sign a message?

When I choose OpenPGP as encryption technology for the signed e-mail (only signed, no encryption) I got no error message and the e-mail is sent digital signed. For more details, see the appendix.

When I choose S/MIME as encryption technology for the signed e-mail (only signed, no encryption) I got no logs in the Error Console :/ I just get the message: "Failed to send the message. You chose to digitally sign this message, but the application could not find the signature certificate you specified in your account settings, or the certificate has expired."

"... You chose to digitally sign this message, but the application could not find the signature certificate you specified in your account settings, or the certificate has expired."

For signing a message you do need the private key. So either something is missing, or there's a problem with your cert. Without further details this is anyone's guess. I wouldn't be surprised if it's related to:

I created this certificate with openssl.

When importing the cert into the Thunderbird certificate store, did you import it as a personal cert underneath the 'Your Certificates' tab?

Now I got it :)

When importing the cert into the Thunderbird certificate store, did you import it as a personal cert underneath the 'Your Certificates' tab?

Nope, that was not the problem. My problem was this: I created a certificate and imported it. The problem was, nowhere was it written who issued me the certificate. I had to create a CA certificate first, and then use it to sign my own certificate. So that Thunderbird can handle it, I not only have to import my signed certificate, but also add my self-created CA certificate to the list of trusted CAs :)